CN111444539A - Authority processing method and device, storage medium and terminal - Google Patents

Authority processing method and device, storage medium and terminal Download PDF

Info

Publication number
CN111444539A
CN111444539A CN202010221045.7A CN202010221045A CN111444539A CN 111444539 A CN111444539 A CN 111444539A CN 202010221045 A CN202010221045 A CN 202010221045A CN 111444539 A CN111444539 A CN 111444539A
Authority
CN
China
Prior art keywords
application
permission
authority
authorized
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010221045.7A
Other languages
Chinese (zh)
Other versions
CN111444539B (en
Inventor
王侃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huizhou TCL Mobile Communication Co Ltd
Original Assignee
Huizhou TCL Mobile Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huizhou TCL Mobile Communication Co Ltd filed Critical Huizhou TCL Mobile Communication Co Ltd
Priority to CN202010221045.7A priority Critical patent/CN111444539B/en
Publication of CN111444539A publication Critical patent/CN111444539A/en
Application granted granted Critical
Publication of CN111444539B publication Critical patent/CN111444539B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/629Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application discloses a permission processing method, a permission processing device, a storage medium and a terminal. The authority processing method comprises the following steps: receiving an application multi-open request of a first application, and opening a second application according to the application multi-open request, wherein the second application is a split application corresponding to the first application in a virtual environment; when receiving an authority verification request of the second application, acquiring an application identifier of the second application; acquiring an authority subset corresponding to the application identifier from an authority set, wherein the authority set comprises authorized application authorities and application authorities to be authorized corresponding to a plurality of applications; responding the authority verification request based on the authority subset and performing authority verification to obtain an authority verification result; and running the second application according to the permission verification result. According to the embodiment of the application, the application permission of the multi-open application and the application permission of the original application are set separately, so that the safety isolation of the multi-open application is realized, and the safety of the multi-open application can be effectively improved.

Description

Authority processing method and device, storage medium and terminal
Technical Field
The application relates to the field of mobile terminal application, in particular to a permission processing method, a permission processing device, a storage medium and a terminal.
Background
In an Android (Android) system, an authority processing implementation means conventionally used by a mobile phone manufacturer is realized based on a multi-user mechanism of native Google, but the implementation mode conflicts with the implementation of a set of native multi-user and Android for Work (a scheme developed by Google leadership and aiming at supporting the Android to be applied in an enterprise, and the functions of simultaneously supporting Work application and personal application, AFW for short) and the like on the same equipment.
In the related art, generally, a multi-split application is realized by using a plug-in technology and a virtualization technology, and the virtualization technology adds a layer of virtual space between a system service layer and an application layer in a mode of proxy system service, so that the virtualized multi-split application runs in the virtual space. It has drawbacks in safety and functionality.
Disclosure of Invention
The embodiment of the application provides a permission processing method, a permission processing device, a storage medium and a terminal, and safety of multi-open application can be effectively improved.
The embodiment of the application provides an authority processing method, which comprises the following steps:
receiving an application multi-open request of a first application, and opening a second application according to the application multi-open request, wherein the second application is a split application corresponding to the first application in a virtual environment;
when receiving an authority verification request of the second application, acquiring an application identifier of the second application;
acquiring an authority subset corresponding to the application identifier from an authority set, wherein the authority set comprises authorized application authorities and application authorities to be authorized corresponding to a plurality of applications;
responding the authority verification request based on the authority subset and performing authority verification to obtain an authority verification result;
and running the second application according to the permission verification result.
Correspondingly, an embodiment of the present application further provides an authority processing apparatus, including:
the device comprises a receiving unit, a judging unit and a processing unit, wherein the receiving unit is used for receiving an application multi-open request of a first application and opening a second application according to the application multi-open request, and the second application is an individual application corresponding to the first application in a virtual environment;
a first obtaining unit, configured to obtain an application identifier of the second application when receiving an authority verification request of the second application;
a second obtaining unit, configured to obtain a permission subset corresponding to the application identifier from a permission set, where the permission set includes authorized application permissions and application permissions to be authorized corresponding to multiple applications;
the verification unit is used for verifying the authority to be verified in the authority verification request based on the authority subset to obtain an authority verification result;
and the running unit is used for running the second application according to the permission verification result.
Correspondingly, the embodiment of the present application further provides a storage medium, where the storage medium stores a plurality of instructions, and the instructions are suitable for being loaded by a processor to perform the steps in the permission processing method.
Correspondingly, an embodiment of the present application further provides a terminal, which includes a processor and a memory, where the memory stores a plurality of instructions, and the processor loads the instructions to execute the steps in the permission processing method.
According to the embodiment of the application, the application permission of the multi-open application and the application permission of the original application are set separately, so that the safety isolation of the multi-open application is realized, and the safety of the multi-open application can be effectively improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart illustrating a first permission processing method according to an embodiment of the present application.
Fig. 2 is a flowchart illustrating a second permission processing method according to an embodiment of the present application.
Fig. 3 is a schematic view of an authority setting interface of an authority processing method according to an embodiment of the present application.
Fig. 4 is a block diagram of a first authority processing device according to an embodiment of the present application.
Fig. 5 is a block diagram of a second authority processing device according to an embodiment of the present application.
Fig. 6 is a schematic structural diagram of a terminal according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described clearly and completely with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Based on the above problems, embodiments of the present application provide a method and an apparatus for processing a permission, a storage medium, and a terminal, which can effectively improve efficiency of clearing junk data in a memory of the terminal. The following are detailed below. It should be noted that the following description of the embodiments is not intended to limit the preferred order of the embodiments.
Referring to fig. 1, fig. 1 is a schematic flow chart illustrating a privilege processing method according to an embodiment of the present application. The rights processing method may be applied to mobile terminals such as terminals, tablet computers, notebook computers, palmtop computers, Portable Media Players (PMPs), and fixed terminals such as desktop computers. The specific flow of the permission processing method can be as follows:
101. and receiving an application multi-open request of the first application, and opening a second application according to the application multi-open request, wherein the second application is an individual application corresponding to the first application in the virtual environment.
Specifically, the application multi-open request of the first application is received, the application multi-open instruction can be triggered through user operation, and the application multi-open request is sent to the system service according to the application multi-open instruction. Starting the second application after receiving the application multi-open request. The first application may be an original application installed on the terminal, and the second application may be an multi-open application, that is, an individual application of the original application, and is run in a virtual environment.
Specifically, the application multi-open means that at least two identical applications are simultaneously opened on one terminal device, at least two accounts can be logged in, and the applications run in the background at the same time. The implementation means of the application multi-open is generally to use a plug-in and virtualization technology to implement the multi-open application. The virtualization technology adds a layer of virtual space between a system service layer and an application layer in a proxy system service mode, so that multiple virtual applications run in the virtual space. The virtualization technology constructs an agent on the basis of original system services mainly through a HOOK technology, and further builds a set of virtual environment for the application in the agent, so that the multi-open application can run in the virtual environment.
The HOOK program captures the message before the system does not call the function, and the HOOK function obtains the control right first, and at this time, the HOOK function can process (change) the execution behavior of the function and also can forcibly end the transfer of the message. In short, the program of the system is pulled out to become a code segment for self execution.
In some embodiments, after receiving the application multi-open request, before starting running the second application in the virtual environment, active malicious detection of the multi-open application is required in order to avoid the multi-open application mechanism being exploited by malware. Then, before the step "open the second application according to the application multi-open request", the following steps may be included:
acquiring application information of the first application;
performing security detection on the second application based on the application information;
and if the detection is passed, starting a second application according to the application multi-opening request.
Specifically, the application message of the first application is obtained, and the application message may include multiple types, for example, the application message may include an application installation package name, a hash fingerprint, and the like. The hash function is also called a hash function or a hash function, is a unique digital fingerprint, belongs to a cryptographic algorithm which can only encrypt and cannot decrypt, can compress information or data to be small, and fixes the format of the data, just like all functions.
The application message of the original application meeting the multi-open condition is pretended to be stored in the system in advance, and can be used for confirming whether the current multi-open application is a malicious application or has possible malicious behaviors under a specific condition. The malicious detection mechanism may be triggered in various situations, such as when an application is initialized from multiple sources, when an application is started, when an application requests a right, when an application accesses a file resource, when an application jumps, and so on.
And when the second application is detected maliciously, the second application can be started after the detection is passed, so that the use safety of the application program is effectively ensured.
102. And when the authority verification request of the second application is received, acquiring the application identification of the second application.
Specifically, after the second application is started, when some functions are executed, the application authority needs to be acquired. For example, if the second application needs to take a picture, the camera authority needs to be acquired; if the second application needs to send information, the contact rights need to be acquired, and so on.
When the second application needs to acquire the corresponding rights, the second application may send a rights verification request. When a permission verification request sent by the second application is received, the application identification of the second application can be acquired. The application identifier may be used to indicate the uniqueness of the application, and each application may correspond to a unique identifier. The application identifier may be a character string composed of letters or numbers or symbols, etc., for example, the application identifier obtained to the second application may be ABC 1.
103. And acquiring an authority subset corresponding to the application identifier from the authority set, wherein the authority set comprises authorized application authorities and application authorities to be authorized corresponding to the plurality of applications.
Specifically, after acquiring the application identifier of the second application, the permission subset corresponding to the application identifier may be acquired from the permission set. The permission set may include authorized application permissions and application permissions to be authorized corresponding to the multiple applications.
Specifically, the multiple applications refer to original applications that can implement multiple application functions; the authorized application permission may refer to that the user performs multi-open permission setting on the original applications when installing the original applications after downloading the original applications, and if the authorized application permission passes, the authorized application permission may be equal to that the user does not perform authorization, but when the original applications are multi-open, the user may grant permission again according to actual conditions.
For example, the permission set may include multiple authorized application permissions, such as authorized application permission 1, authorized application permission 2, authorized application permission 3, authorized application permission 4, and multiple to-be-authorized application permissions, such as to-be-authorized application permission 1, to-be-authorized application permission 2, to-be-authorized application permission 3, to-be-authorized application permission 4, and the like. The multiple authorized application rights and the multiple application rights to be authorized can respectively correspond to different applications. For example, application a may include: the authorized application authority 1, the authorized application authority 2, the application authority 1 to be authorized, the application authority 2 to be authorized and the like, and the application B may include the authorized application authority 3, the authorized application authority 4, the application authority 3 to be authorized, the application authority 4 to be authorized and the like.
Specifically, the authority subset corresponding to the application identifier is obtained from the authority set. The permission set can be divided into a plurality of permission subsets according to application identifiers of different applications, and the permission subsets can include authorized application permissions and application permissions to be authorized corresponding to the applications.
For example, the permission set may include two permission subsets, and the application identifications corresponding to the permission subsets may be ABC1 and ABC 2. Wherein, ABC1 corresponds to authorized application permission 1, application permission 1 to be authorized, application permission 2 to be authorized and application permission 3 to be authorized; ABC2 corresponds to authorized application right 1, to-be-authorized application right 1, etc.
The obtained application identifier of the second application may be ABC1, and it may be determined according to the application identifier ABC1 that the authorized application permission corresponding to the second application may be authorized application permission 1, and the application permission to be authorized may be to-be-authorized application permission 1, to-be-authorized application permission 2, and to-be-authorized application permission 3.
104. And responding the authority verification request based on the authority subset and performing authority verification to obtain an authority verification result.
Specifically, after the permission subset corresponding to the second application is obtained, a permission verification request of the second application may be responded based on the permission subset. Specifically, the authorized application permission in the permission verification request can be verified through the authorized application permission in the permission subset, so that a verification result is obtained.
In some embodiments, the step of "responding to the permission verification request based on the permission subset and performing permission verification" may include the following processes:
determining an authorized application permission list corresponding to the second application according to the permission subset;
acquiring the authority to be verified in the authority verification request;
matching the permission to be verified with the authorized application permission list;
if the matching is successful, the to-be-verified authority is verified successfully;
and if the matching fails, the verification of the authority to be verified fails.
Specifically, an authorized application permission list corresponding to the second application is determined according to the permission subset, and in the last step, the permission subset corresponding to the second application is obtained from the permission set according to the application identifier of the second application, where the permission subset includes all authorized applications and applications to be authorized corresponding to the second application. The authorized application permission list can be determined according to the fact that the prime in the permission subset has the authorized application.
Specifically, the to-be-verified right in the right verification request is obtained, and the to-be-verified right can be represented as the right which needs to be obtained by the current second application so as to execute a corresponding function. The permission to be verified can be determined through the permission verification request, and can be one application permission or a plurality of application permissions.
Specifically, the permission to be verified is matched with the authorized application permission list, and whether permission verification is passed or not can be obtained according to a matching result. The authorization authority list is used for judging whether the authorization authority list has the authority to be verified or not, if so, the matching is successful, the authority to be verified passes the verification, and the second application can use the authority to be verified; if the authorized permission list does not have the permission to be verified, the matching is failed, the permission to be verified does not pass, and the second application cannot use the permission to be verified.
For example, the to-be-verified right may be a camera shooting right, and the authorized application right list may include: if the contact person authority, the voice authority and the position authority exist, the fact that the authorized application authority list does not have the shooting authority can be judged, and the authority verification fails; for another example, the right to be verified may be a voice right, and the authorized application right list may include: and if the contact person authority, the voice authority and the position authority exist, the voice authority can be judged to exist in the authorized application authority list, and the authority passes verification.
In some embodiments, in order to enable a user to select the permission according to the actual situation when using the multi-open application, thereby completing some functions, the user can set the permission by himself during the application running process. For example, after the step "fails to verify the right to be verified", the method may further include the following steps:
acquiring all application permissions to be authorized in the permission subset;
generating an authority setting interface according to all application authorities to be authorized;
displaying the authority setting interface on a current display interface, and prompting a user to set the authority;
and processing the application permission to be authorized according to the operation of the user on the permission setting interface to obtain a permission granting result.
Specifically, all to-be-authorized application permissions in the permission subset corresponding to the second application are obtained, so that an to-be-authorized application permission list can be obtained. And then setting the to-be-authenticated authority in the authority verification request according to the operation of the user on the authority setting interface, namely setting the to-be-authorized application authority, and obtaining an authority granting result of the to-be-authenticated authority.
In some embodiments, the step "processing the application permission to be authorized according to the operation of the user on the permission setting interface" may include the following steps:
acquiring user operation information;
determining a selection control of user operation according to the user operation information;
and granting the permission to the application permission to be granted corresponding to the selection control operated by the user.
Specifically, the user operation information is obtained, and the user operation information may be a touch operation, and the touch operation may include various ways, such as clicking a screen, sliding the screen, pressing a physical key, and the like.
The permission setting interface may include all to-be-authorized permission applications and a plurality of selections, each to-be-authorized permission application may correspond to one selection control, and the selection control may be in a plurality of presentation forms, for example, the selection control may be a selection frame, a selection button, and the like.
Specifically, a selection control set by the user is determined according to the user operation, and then the application permission to be authorized, authorized by the user, can be determined according to the selection control.
For example, the permission setting interface may include an authorized application permission 1, an application permission 2 to be authorized, an application permission 3 to be authorized, and the like, where the authorized application permission 1 corresponds to the selection control 1, the application permission 2 to be authorized corresponds to the selection control 2, the application permission 3 to be authorized corresponds to the selection control 3, the selection control may be the selection frame 3, and when it is detected that the user operation may be clicking the selection frame 1, and a symbol of "√" appears in the selection frame 1, it is determined that the user authorizes the application permission to be authorized. The result of the right grant can be obtained.
105. And running the second application according to the permission verification result.
Specifically, the second application is operated according to the permission verification result, the current user executes the function a through the second application, the function a needs to acquire the permission 1, and after the permission verification is passed, the permission 1 is verified to pass, and the second application can acquire the permission 1 to execute the function a which the user needs to execute. The safety of the user privacy information is ensured, and meanwhile, the use experience of the multi-open application is not influenced.
In some embodiments, after the step of "running the second application according to the permission verification result", the following steps may be further included:
when a data access request of the second application is received, determining the position of a data file to be accessed according to the data access request;
judging whether the position of the data file to be accessed is a preset position or not;
if not, redirecting the access path of the data access request to obtain a target access path;
and performing data access based on the target access path.
Specifically, a data access request of the second application is received, and the file position of the data to be accessed is determined according to the data access request. The file location may refer to a location of the file in the memory, for example, the file location may be: system, refers to the display of the location of the file as seen by the user under the System file directory.
After the file position of the data to be accessed is obtained, whether the file position is the same as the preset position or not can be judged. Wherein the preset location may be a data storage location of the second application, when the application accesses an application under its own directory, such as/data/a, but only the application can access the directory, the multi-open application of the application needs to redirect the access path to, for example, the directory
Data can be accessed only under the conditions of/dualapps/data/A.
For example, if the preset position may be/app/data, and the file position of the data to be accessed may be/System, it may be determined that the file position of the data to be accessed is not the preset position.
If the position of the data file to be accessed is not the preset position, the access path of the data access can be redirected to obtain a target access path. The path redirection may refer to changing an original path of the data access request according to a preset position and a file position of the data to be accessed.
For example, the preset position may be/Appa/data, the file position of the data to be accessed may be/System, the access path is redirected, the target access path may be/Appa/data/System, and the data access may be completed based on the changed target access path.
The embodiment of the application discloses a permission processing method, which comprises the following steps: receiving an application multi-open request of a first application, and opening a second application according to the application multi-open request, wherein the second application is a split application corresponding to the first application in a virtual environment; when receiving an authority verification request of the second application, acquiring an application identifier of the second application; acquiring an authority subset corresponding to the application identifier from an authority set, wherein the authority set comprises authorized application authorities and application authorities to be authorized corresponding to a plurality of applications; responding the authority verification request based on the authority subset and performing authority verification to obtain an authority verification result; and running the second application according to the permission verification result. According to the embodiment of the application, the application permission of the multi-open application and the application permission of the original application are set separately, so that the safety isolation of the multi-open application is realized, and the safety of the multi-open application can be effectively improved.
Referring to fig. 2, fig. 2 is a schematic flowchart of a second permission processing method according to an embodiment of the present application. The specific scene application of the permission processing method can be as follows:
201. and the terminal receives the application multi-opening instruction and starts to start the multi-opening application according to the application multi-opening instruction.
Specifically, the terminal receives an application multi-open instruction, and the application multi-open instruction can be triggered through user operation. When the application is opened more, the application needs to have a multi-opening function, and the application with the multi-opening function can display two application icons on a terminal application display interface. One application icon corresponds to an opening entrance of the original application, and the other application icon corresponds to an opening entrance of the multi-open application.
For example, the user may trigger the application multi-open instruction by clicking an application icon corresponding to the multi-open application. The terminal can start to start the multi-open application according to the application multi-open instruction.
202. The terminal carries out safety monitoring on the multi-open application and judges whether the multi-open application is a safety application.
Specifically, when the terminal starts to start the multi-open application according to the application multi-open instruction, in order to avoid the opening of malicious applications, the multi-open application can be monitored safely, and whether the multi-open application is safe or not is judged.
For example, when the multi-open application is subjected to security monitoring, if the multi-open application passes the security monitoring, the multi-open application is a security application, and step 204 may be executed; for another example, if the multi-open application fails the security monitoring, the multi-open application is not a security application, and may be a malicious application, and step 203 may be executed.
203. And the terminal fails to start the multi-open application and finishes the operation.
Specifically, when the terminal detects that the multi-open application is not a secure application, the multi-open application is stopped to be started, and other programs of the terminal are prevented from being influenced to run or user data are prevented from being leaked.
204. The terminal obtains application identifiers of the multi-open applications, and obtains permission subsets corresponding to the multi-open applications from the permission set according to the application identifiers.
Specifically, when the terminal detects that the multi-open application is the secure application, the terminal may grant corresponding application permission to the multi-open application. Specifically, the terminal may obtain an application identifier of the multi-open application, and after obtaining the application identifier of the multi-open application, all application permissions corresponding to the application identifier may be determined from the application permission library according to the application identifier, that is, a permission subset corresponding to the multi-open application.
All the application permissions in the permission subset corresponding to the multi-open application may include application permissions to be authorized and authorized application permissions.
For example, acquiring the permission set corresponding to the multiple applications may include: authorized right 1, authorized right 2, authorized right 3, to-be-authorized right 1, to-be-authorized right 2, and so on.
205. And the terminal generates an authority setting interface based on the authority subset.
Specifically, after acquiring the permission subset corresponding to the multiple applications, the terminal may generate a permission setting interface according to the permission subset. And acquiring all the application permissions to be authorized in the permission subset to obtain an application permission list to be authorized, and displaying the application permission list to be authorized on a permission setting interface to enable a user to set. Referring to fig. 3, fig. 3 is a schematic view of an authority setting interface of an authority processing method according to an embodiment of the present application.
For example, fig. 3 includes application authority 1, application authority 2, application authority 3, application authority 4, and a selection control corresponding to the right side of each application authority, where the selection control may be a slide button, and the application authority is switched through the slide button. The application permission displayed by the application permission setting interface can be the application permission to be authorized, and the user can set the application permission according to the functions required to be completed currently.
206. And the terminal grants the authority to the multi-open application according to the operation of the user on the authority setting interface to obtain an authority granting result.
Specifically, the terminal grants the permission to the multi-open application according to the operation of the user on the permission setting interface, please refer to fig. 3, at this time, a sliding button of a selection control corresponding to the right side of each application permission is located on the right side, and "Off" can be seen on the selection control, which can indicate that the application permission is in a closed state, that is, the multi-open application cannot acquire the application permission.
For example, the user may slide the slide button on the selection control corresponding to the application permission 1 to the left, so that the application permission 1 may be opened, and the application permission 1 is obtained by opening more applications.
207. And the terminal operates the multi-open application according to the permission granting result.
Specifically, after the user completes the operation of the full-line setting interface, the multi-open application may obtain an authority granting result according to the user operation, start to run based on the authority granting result, and if the application authority granted to the user is executed in a certain function, obtain the application authority to complete the corresponding function.
The embodiment of the application discloses a permission processing method, which comprises the following steps: receiving an application multi-open request of a first application, and opening a second application according to the application multi-open request, wherein the second application is a split application corresponding to the first application in a virtual environment; when receiving an authority verification request of the second application, acquiring an application identifier of the second application; acquiring an authority subset corresponding to the application identifier from an authority set, wherein the authority set comprises authorized application authorities and application authorities to be authorized corresponding to a plurality of applications; responding the authority verification request based on the authority subset and performing authority verification to obtain an authority verification result; and running the second application according to the permission verification result. According to the embodiment of the application, the application permission of the multi-open application and the application permission of the original application are set separately, so that the safety isolation of the multi-open application is realized, and the safety of the multi-open application can be effectively improved.
In order to better implement the authority processing method provided by the embodiment of the present application, an embodiment of the present application further provides a device based on the authority processing method. The terms are the same as those in the above-mentioned authority processing method, and details of implementation can be referred to the description in the method embodiment.
Referring to fig. 4, fig. 4 is a block diagram of a first rights processing device according to an embodiment of the present disclosure, which can be applied to a mobile terminal such as a terminal, a tablet computer, a notebook computer, a palm computer, a Portable Media Player (PMP), and a fixed terminal such as a desktop computer, and the device includes:
a receiving unit 301, configured to receive an application multi-open request of a first application, and open a second application according to the application multi-open request, where the second application is an avatar application corresponding to the first application in a virtual environment;
a first obtaining unit 302, configured to obtain an application identifier of the second application when receiving an authority verification request of the second application;
a second obtaining unit 303, configured to obtain a permission subset corresponding to the application identifier from a permission set, where the permission set includes authorized application permissions and application permissions to be authorized corresponding to multiple applications;
the verification unit 304 is configured to verify the to-be-verified right in the right verification request based on the right subset to obtain a right verification result;
an execution unit 305, configured to execute the second application according to the permission verification result.
In some embodiments, referring to fig. 5, fig. 5 is a block diagram of a first permission processing apparatus according to an embodiment of the present application, where the verification unit 304 may include:
a determining subunit 3041, configured to determine, according to the permission subset, an authorized application permission list corresponding to the second application;
a first obtaining subunit 3042, configured to obtain a to-be-verified right in the right verification request;
a matching subunit 3043, configured to match the to-be-verified right with the authorized application right list;
a first execution subunit 3044, configured to, if the matching is successful, successfully verify the to-be-verified right;
the second execution subunit 3045 is configured to, if the matching fails, verify the to-be-verified right.
In some embodiments, the verification unit 304 may further include:
the second acquiring subunit is used for acquiring all the application permissions to be authorized in the permission subset;
the generating subunit is used for generating an authority setting interface according to all the application authorities to be authorized;
the display subunit is used for displaying the authority setting interface on a current display interface and prompting a user to set the authority;
and the processing subunit is used for processing the application permission to be authorized according to the operation of the user on the permission setting interface to obtain a permission granting result.
In some embodiments, the processing subunit is specifically configured to: acquiring user operation information; determining a selection control of user operation according to the user operation information; and granting the permission to the application permission to be granted corresponding to the selection control operated by the user.
In some embodiments, the right processing apparatus may further include:
the determining unit is used for determining the position of a data file to be accessed according to the data access request when the data access request of the second application is received;
the judging unit is used for judging whether the position of the data file to be accessed is a preset position or not;
the processing unit is used for redirecting the access path of the data access request to obtain a target access path if the data access request is not received;
and the access unit is used for performing data access based on the target access path.
In some embodiments, the right processing apparatus may further include:
a third obtaining unit configured to obtain application information of the first application;
a detection unit, configured to perform security detection on the second application based on the application information;
and the starting unit is used for starting the second application according to the application multi-opening request if the detection is passed.
The embodiment of the application discloses authority processing device, this authority processing device includes: receiving an application multi-open request of a first application, and opening a second application according to the application multi-open request, wherein the second application is a split application corresponding to the first application in a virtual environment; when receiving an authority verification request of the second application, acquiring an application identifier of the second application; acquiring an authority subset corresponding to the application identifier from an authority set, wherein the authority set comprises authorized application authorities and application authorities to be authorized corresponding to a plurality of applications; responding the authority verification request based on the authority subset and performing authority verification to obtain an authority verification result; and running the second application according to the permission verification result. According to the embodiment of the application, the application permission of the multi-open application and the application permission of the original application are set separately, so that the safety isolation of the multi-open application is realized, and the safety of the multi-open application can be effectively improved.
The embodiment of the application also provides a terminal. As shown in fig. 6, the terminal may include a Radio Frequency (RF) circuit 601, a memory 602 including one or more storage media, an input unit 603, a display unit 604, a sensor 605, an audio circuit 606, a Wireless Fidelity (WiFi) module 607, a processor 608 including one or more processing cores, and a power supply 609. Those skilled in the art will appreciate that the terminal structure shown in fig. 6 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components. Wherein:
the RF circuit 601 may be used for receiving and transmitting signals during transceiving information, and in particular, for receiving and transmitting downlink information of a base station to be processed by one or more processors 608 and, in addition, for transmitting data related to an uplink to the base station, in general, the RF circuit 601 includes, but is not limited to, an antenna, at least one Amplifier, a tuner, one or more oscillators, a Subscriber Identity Module (SIM) card, a transceiver, a coupler, a low noise Amplifier (L NA, &ttttranslation = L "&tttl &/t &gtttownnoiseamplifier), a duplexer, and the like.
The memory 602 may be used to store software programs and modules, and the processor 608 executes various functional applications and data processing by operating the software programs and modules stored in the memory 602. The memory 602 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function (such as a sound playing function, an image playing function, etc.), and the like. Further, the memory 602 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, the memory 602 may also include a memory controller to provide the processor 608 and the input unit 603 access to the memory 602.
The input unit 603 may be used to receive input numeric or character information and generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control. In particular, in one particular embodiment, input unit 603 may include a touch-sensitive surface as well as other input devices. The touch-sensitive surface, also referred to as a touch display screen or a touch pad, may collect touch operations by a user (e.g., operations by a user on or near the touch-sensitive surface using a finger, a stylus, or any other suitable object or attachment) thereon or nearby, and drive the corresponding connection device according to a predetermined program. The input unit 603 may include other input devices in addition to the touch-sensitive surface. In particular, other input devices may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
The display unit 604 may be used to display information input by or provided to a user and various graphical user interfaces of the server, which may be formed of graphics, text, icons, video, and any combination thereof, the display unit 604 may include a display panel, which may optionally be configured in the form of a liquid crystal display (L CD, &lTtTtranslation = L "&tttL &/T &gTt required crystalline display), an Organic light Emitting Diode (O L ED, Organic L ight-emissive Diode), or the like, further, the touch sensitive surface may cover the display panel, and upon detection of a touch operation on or near the touch sensitive surface, may be communicated to the processor 608 to determine the type of touch event, and the processor 608 may then provide a corresponding visual output on the display panel according to the type of touch event.
The terminal may also include at least one sensor 605, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor that adjusts the brightness of the display panel according to the brightness of ambient light, and a proximity sensor that turns off the display panel and the backlight when the server moves to the ear.
Audio circuitry 606, speakers, and microphones may provide an audio interface between the user and the server. The audio circuit 606 may transmit the electrical signal converted from the received audio data to a speaker, and convert the electrical signal into a sound signal for output; on the other hand, the microphone converts the collected sound signal into an electrical signal, which is received by the audio circuit 606 and converted into audio data, which is then processed by the audio data output processor 608, and then passed through the RF circuit 601 to be sent to, for example, a terminal, or the audio data is output to the memory 602 for further processing. The audio circuitry 606 may also include an ear-bud jack to provide communication of peripheral headphones with the server.
WiFi belongs to short-distance wireless transmission technology, and the terminal can help a user to receive and send e-mails, browse webpages, access streaming media and the like through the WiFi module 607, and provides wireless broadband internet access for the user. Although fig. 6 shows the WiFi module 607, it is understood that it does not belong to the essential constitution of the terminal, and may be omitted entirely as needed within the scope of not changing the essence of the application.
The processor 608 is a control center of the terminal, connects various parts of the entire terminal using various interfaces and lines, and performs various functions of the server and processes data by running or executing software programs and modules stored in the memory 602 and calling data stored in the memory 602, thereby performing overall monitoring of the terminal. Optionally, processor 608 may include one or more processing cores; preferably, the processor 608 may integrate an application processor, which primarily handles operating systems, user interfaces, applications, etc., and a modem processor, which primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 608.
The terminal also includes a power supply 609 (e.g., a battery) for powering the various components, which may preferably be logically connected to the processor 608 via a power management system that may be used to manage charging, discharging, and power consumption. The power supply 609 may also include any component of one or more dc or ac power sources, recharging systems, power failure detection circuitry, power converters or inverters, power status indicators, and the like.
Specifically, in this embodiment, the processor 608 in the terminal loads the executable file corresponding to the process of one or more application programs into the memory 602 according to the following instructions, and the processor 608 runs the application programs stored in the memory 602, thereby implementing various functions:
receiving an application multi-open request of a first application, and opening a second application according to the application multi-open request, wherein the second application is a split application corresponding to the first application in a virtual environment;
when receiving an authority verification request of the second application, acquiring an application identifier of the second application;
acquiring an authority subset corresponding to the application identifier from an authority set, wherein the authority set comprises authorized application authorities and application authorities to be authorized corresponding to a plurality of applications;
responding the authority verification request based on the authority subset and performing authority verification to obtain an authority verification result;
and running the second application according to the permission verification result.
The embodiment of the application discloses a permission processing method, a permission processing device, a storage medium and a terminal. The authority processing method comprises the following steps: receiving an application multi-open request of a first application, and opening a second application according to the application multi-open request, wherein the second application is a split application corresponding to the first application in a virtual environment; when receiving an authority verification request of the second application, acquiring an application identifier of the second application; acquiring an authority subset corresponding to the application identifier from an authority set, wherein the authority set comprises authorized application authorities and application authorities to be authorized corresponding to a plurality of applications; responding the authority verification request based on the authority subset and performing authority verification to obtain an authority verification result; and running the second application according to the permission verification result. According to the embodiment of the application, the application permission of the multi-open application and the application permission of the original application are set separately, so that the safety isolation of the multi-open application is realized, and the safety of the multi-open application can be effectively improved.
It will be understood by those skilled in the art that all or part of the steps in the methods of the above embodiments may be performed by instructions or by instructions controlling associated hardware, which may be stored in a storage medium and loaded and executed by a processor.
To this end, the present application provides a storage medium, in which a plurality of instructions are stored, where the instructions can be loaded by a processor to execute the steps in any one of the authority processing methods provided in the present application. For example, the instructions may perform the steps of:
receiving an application multi-open request of a first application, and opening a second application according to the application multi-open request, wherein the second application is a split application corresponding to the first application in a virtual environment; when receiving an authority verification request of the second application, acquiring an application identifier of the second application; acquiring an authority subset corresponding to the application identifier from an authority set, wherein the authority set comprises authorized application authorities and application authorities to be authorized corresponding to a plurality of applications; responding the authority verification request based on the authority subset and performing authority verification to obtain an authority verification result; and running the second application according to the permission verification result.
The above operations can be implemented in the foregoing embodiments, and are not described in detail herein.
Wherein the storage medium may include: read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
Since the instructions stored in the storage medium can execute the steps in any of the permission processing methods provided in the embodiments of the present application, beneficial effects that can be achieved by any of the permission processing methods provided in the embodiments of the present application can be achieved, for details, see the foregoing embodiments, and are not described herein again.
The authority processing method, apparatus, storage medium and terminal provided in the embodiments of the present application are described in detail above, and a specific example is applied in the description to explain the principle and the implementation of the present application, and the description of the above embodiments is only used to help understanding the method and the core idea of the present application; meanwhile, for those skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (10)

1. A method of privilege processing, comprising:
receiving an application multi-open request of a first application, and opening a second application according to the application multi-open request, wherein the second application is a split application corresponding to the first application in a virtual environment;
when receiving an authority verification request of the second application, acquiring an application identifier of the second application;
acquiring an authority subset corresponding to the application identifier from an authority set, wherein the authority set comprises authorized application authorities and application authorities to be authorized corresponding to a plurality of applications;
responding the authority verification request based on the authority subset and performing authority verification to obtain an authority verification result;
and running the second application according to the permission verification result.
2. The method of claim 1, wherein responding to the permission verification request and performing permission verification based on the subset of permissions comprises:
determining an authorized application permission list corresponding to the second application according to the permission subset;
acquiring the authority to be verified in the authority verification request;
matching the permission to be verified with the authorized application permission list;
if the matching is successful, the to-be-verified authority is verified successfully;
and if the matching fails, the verification of the authority to be verified fails.
3. The method according to claim 2, further comprising, after the authentication of the right to be authenticated fails:
acquiring all application permissions to be authorized in the permission subset;
generating an authority setting interface according to all application authorities to be authorized;
displaying the authority setting interface on a current display interface, and prompting a user to set the authority;
and processing the application permission to be authorized according to the operation of the user on the permission setting interface to obtain a permission granting result.
4. The method of claim 3, wherein the permission setting interface comprises a selection control;
the processing of the application permission to be authorized according to the operation of the user on the permission setting interface comprises the following steps:
acquiring user operation information;
determining a selection control of user operation according to the user operation information;
and granting the permission to the application permission to be granted corresponding to the selection control operated by the user.
5. The method according to claim 1, further comprising, after running the second application according to the permission verification result:
when a data access request of the second application is received, determining the position of a data file to be accessed according to the data access request;
judging whether the position of the data file to be accessed is a preset position or not;
if not, redirecting the access path of the data access request to obtain a target access path;
and performing data access based on the target access path.
6. The method of claim 1, further comprising, before opening the second application according to the application multi-open request:
acquiring application information of the first application;
performing security detection on the second application based on the application information;
and if the detection is passed, starting a second application according to the application multi-opening request.
7. An authority processing apparatus characterized by comprising:
the device comprises a receiving unit, a judging unit and a processing unit, wherein the receiving unit is used for receiving an application multi-open request of a first application and opening a second application according to the application multi-open request, and the second application is an individual application corresponding to the first application in a virtual environment;
a first obtaining unit, configured to obtain an application identifier of the second application when receiving an authority verification request of the second application;
a second obtaining unit, configured to obtain a permission subset corresponding to the application identifier from a permission set, where the permission set includes authorized application permissions and application permissions to be authorized corresponding to multiple applications;
the verification unit is used for verifying the authority to be verified in the authority verification request based on the authority subset to obtain an authority verification result;
and the running unit is used for running the second application according to the permission verification result.
8. The apparatus of claim 7, wherein the authentication unit comprises:
a determining subunit, configured to determine, according to the permission subset, an authorized application permission list corresponding to the second application;
the first obtaining subunit is used for obtaining the authority to be verified in the authority verification request;
the matching subunit is used for matching the permission to be verified with the authorized application permission list;
the first execution subunit is used for successfully verifying the to-be-verified authority if the matching is successful;
and the second execution subunit is used for failing to verify the to-be-verified authority if the matching fails.
9. A storage medium storing a plurality of instructions adapted to be loaded by a processor to perform the steps of the privilege processing method as claimed in any one of claims 1 to 6.
10. A terminal comprising a processor and a memory, the memory storing a plurality of instructions, the processor loading the instructions to perform the steps of the privilege processing method according to any one of claims 1 to 6.
CN202010221045.7A 2020-03-26 2020-03-26 Authority processing method and device, storage medium and terminal Active CN111444539B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010221045.7A CN111444539B (en) 2020-03-26 2020-03-26 Authority processing method and device, storage medium and terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010221045.7A CN111444539B (en) 2020-03-26 2020-03-26 Authority processing method and device, storage medium and terminal

Publications (2)

Publication Number Publication Date
CN111444539A true CN111444539A (en) 2020-07-24
CN111444539B CN111444539B (en) 2023-10-03

Family

ID=71648718

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010221045.7A Active CN111444539B (en) 2020-03-26 2020-03-26 Authority processing method and device, storage medium and terminal

Country Status (1)

Country Link
CN (1) CN111444539B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111931160A (en) * 2020-08-13 2020-11-13 苏州朗动网络科技有限公司 Authority verification method, device, terminal and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106650324A (en) * 2016-10-10 2017-05-10 广东欧珀移动通信有限公司 Application program authority management method and device and mobile terminal
CN106650410A (en) * 2016-12-29 2017-05-10 北京奇虎科技有限公司 Method and device for android application permission control
CN108932427A (en) * 2018-05-18 2018-12-04 华中科技大学 A kind of Android is using the control method and system for limiting access in more open loop borders
CN109388435A (en) * 2017-08-04 2019-02-26 北京多点在线科技有限公司 Realize app while the repeatedly method and apparatus of opening operation

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106650324A (en) * 2016-10-10 2017-05-10 广东欧珀移动通信有限公司 Application program authority management method and device and mobile terminal
CN106650410A (en) * 2016-12-29 2017-05-10 北京奇虎科技有限公司 Method and device for android application permission control
CN109388435A (en) * 2017-08-04 2019-02-26 北京多点在线科技有限公司 Realize app while the repeatedly method and apparatus of opening operation
CN108932427A (en) * 2018-05-18 2018-12-04 华中科技大学 A kind of Android is using the control method and system for limiting access in more open loop borders

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111931160A (en) * 2020-08-13 2020-11-13 苏州朗动网络科技有限公司 Authority verification method, device, terminal and storage medium
CN111931160B (en) * 2020-08-13 2024-03-29 企查查科技股份有限公司 Authority verification method, authority verification device, terminal and storage medium

Also Published As

Publication number Publication date
CN111444539B (en) 2023-10-03

Similar Documents

Publication Publication Date Title
US12041165B2 (en) Key updating method, apparatus, and system
CN112733107B (en) Information verification method, related device, equipment and storage medium
CN109600223B (en) Verification method, activation method, device, equipment and storage medium
CN110417543B (en) Data encryption method, device and storage medium
US9635018B2 (en) User identity verification method and system, password protection apparatus and storage medium
WO2017185711A1 (en) Method, apparatus and system for controlling smart device, and storage medium
CN108881103B (en) Network access method and device
CN108011879B (en) File encryption and decryption method, device, equipment and storage medium
WO2017084288A1 (en) Method and device for verifying identity
CN106484518B (en) Display method and device of multi-open application and terminal
CN107145794B (en) Data processing method and device and mobile terminal
CN108475304B (en) Method and device for associating application program and biological characteristics and mobile terminal
CN107154935B (en) Service request method and device
WO2016078504A1 (en) Identity authentication method and device
CN108090345B (en) Linux system external command execution method and device
WO2014000652A1 (en) Browser plug-in installation method, device and terminal
CN111563251A (en) Encryption method and related device for private information in terminal equipment
WO2017067369A1 (en) Method and device for encrypting picture, method and device for decrypting picture, and equipment
US10764038B2 (en) Method and apparatus for generating terminal key
CN108460251B (en) Method, device and system for running application program
US11516654B2 (en) Method for automatically encrypting short message, storage device and mobile terminal
CN111444539B (en) Authority processing method and device, storage medium and terminal
WO2019090702A1 (en) Terminal security protection method and device
CN112153032A (en) Information processing method, device, computer readable storage medium and system
WO2015062241A1 (en) Method, device and terminal for protecting application program

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant